Abstract
AbstractSmart-locks have become increasingly popular for access to homes and businesses in many countries, because of their ease of use and adaptability. These locks offer a simple and secure alternative to traditional key-based entry, making them an attractive choice for both residential and commercial properties. Nevertheless, it is essential to acknowledge the potential security threats that come with any new technology. The security of smart-locks is particularly critical, as a breach could result in unauthorized entry. Since the smart-locks can connect, there are different ways to check if vulnerabilities can be found easily or on the contrary, if the security level is high. Two of the main ways of checking the security level of this kind of IoT device are the information that can be obtained from the Android application and the security level of the Bluetooth connection. Many vulnerabilities can be found in the Android smart lock management application. This application is very useful to perform all the configurations with such a lock, but if it is not properly implemented and secured, it can provide clues for malicious users to perform unauthorized access to the system. Another security factor is the Bluetooth connection. This ensures that only authorized users have access to the property. In this work, we have analyzed the security level of different parts of smart-locks. In particular, we have analyzed the security of the applications for the most important smart-locks on the market. This study reveals relevant information such as whether the application is obfuscated or not, the encryption algorithm for the Bluetooth connection, or relevant URLs that applications use to connect to the cloud. The security of the Bluetooth connection between the smartphone application and two selected smart-locks was also analyzed. It was demonstrated that if no encryption is used for the Bluetooth connection, the smart-lock is not secure, but if AES encryption is used, the security level is high.
Funder
Cátedra en Ciberseguridad Binter, ULL
Cátedra Edosoft en Computación en la Nube e Inteligencia Artificial, ULL
Universidad de la Laguna
Publisher
Springer Science and Business Media LLC
Subject
Electrical and Electronic Engineering,Computer Networks and Communications,Information Systems
Reference31 articles.
1. Palle, S. (2017). Smart locks: Exploring security breaches and access extensions. PhD thesis, Oklahoma State University.
2. Lamping, U., & Warnicke, E. (2004). Wireshark user’s guide. Interface, 4(6), 1.
3. Solutions, N.H. (2013). Nuki smart lock. https://nuki.io/es/smart-lock/.
4. Xiaomi. Sherlock smart lock. https://cerradurasinteligentes.net/xiaomi/xiaomi-sherlock-s2/.
5. Bichsel, B., Raychev, V., Tsankov, P., & Vechev, M. (2016). Statistical deobfuscation of android applications. In Proceedings of the 2016 ACM SIGSAC conference on computer and communications security, pp. 343–355.
Cited by
3 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献
1. Broad Perspective of Smart Home Technology in 2024;International Journal of Smart Technologies;2024-08-07
2. A Comparative Study of Authentication Protocols in DGC-Based Smart Lock Systems;2024 11th International Conference on Wireless Networks and Mobile Communications (WINCOM);2024-07-23
3. Binary Program Vulnerability Mining Based on Neural Network;Computers, Materials & Continua;2024